Results 11 - 20 of 28
Evaluation of security level of cryptography: ESIGN signature scheme
CRYPTREC Project, 2001
Cited by 2 (0 self)
related to the ESIGN signature scheme. It has been proven to be a secure identification scheme assuming that the approximate e-th root (AER) problem is hard and that the employed hash function is a random function. While the AER problem has been studied by some researchers, it has not received as much attention as the integer factorization problem or the discrete logarithm problem. One way to solve the AER problem is to factor the integer n, where n = p^2 q and p and q are primes of the same bitlength. The parameters recommended ensure that ESIGN resists all known attacks for factoring integers of this form.

2 Protocol specification

2.1 ESIGN key pairs

For the security parameter k pLen, each entity does the following:
1. Randomly select two distinct primes, p, q, each of bitsize k and compute n = p^2 q.
2. Select an integer e 4.
3. A's public key is (n, e, k); A's private key is (p, q).

In addition, one needs to specify a hash function H whose output length is k bits.

2.2 ESIGN identification

In the ESIGN identification scheme, the verifier sends a random message to the prover who signs the message using her ESIGN private key. The process whereby an entity A verifies herself to entity B is the following:
1. (random challenge) Verifier B generates a random string m 0 1 k 1 and sends it to A.
2. (response) A generates an ESIGN signature s of the challenge m as follows:
2.1. Pick r uniformly at random from r Zpq: gcd r p 1 .
2.2. Set z 0 H m 02k and α I z re mod n, where the function I converts a binary string into an integer in the usual way.
2.3. Set w0 w1 such that w0
Factorization-based Fail-Stop Signatures Revisited
2004
Cited by 2 (0 self)
Fail-stop signature (FSS) schemes are important primitives because in a fail-stop signature scheme the signer is protected against unlimited powerful adversaries as follows: Even if an adversary breaks the scheme's underlying computational hard problem and hence forges a signature, then with overwhelming probability the signer is able to prove that a forgery has occurred (i.e. that the underlying hard problem has been broken). Although there is a practical FSS scheme based on the Discrete Logarithm problem, no provable secure FSS scheme is known that is based on the pure factorization problem (i.e. the assumption that integer factoring for arbitrary integers is hard). To be more concrete, the most popular factorization based FSS scheme relies on the assumption that factoring a special kind of Blum integers is intractable. All other FSS schemes related to integer factoring are based on even stronger assumptions or insecure. In this paper, we first cryptanalyze one of those schemes and show how to construct forged signatures that don't enable the signer to prove forgery. Then we repair the scheme at the expense of a reduced message space. Finally, we develop a new provable secure scheme based on the difficulty of factoring integers of the shape p^2 q for primes p, q.
Paillier's Cryptosystem Modulo p^2 q and Its Applications to Trapdoor Commitment Schemes
Cited by 1 (0 self)
In 1998/99, T. Okamoto and S. Uchiyama on the one hand and P. Paillier on the other hand introduced homomorphic encryption schemes semantically secure against passive adversaries (IND-CPA).
"Zero knowledge interactive proofs of knowledge (a digest)", Second Conference on Theoretical Aspects of Reasoning about Knowledge
IBM Research Division, T. J. Watson Research, 1988
Factorization-based Fail-Stop Signatures Revisited
No Author Given
Abstract. Fail-stop signature (FSS) schemes are important primitives because in a fail-stop signature scheme the signer is protected against unlimited powerful adversaries as follows: Even if an adversary breaks the scheme's underlying computational hard problem and hence forges a signature, then with overwhelming probability the signer is able to prove that a forgery has occurred (i.e. that the underlying hard problem has been broken). Although there is a practical FSS scheme based on the Discrete Logarithm problem, no provable secure FSS scheme is known that is based on the pure factorization problem (i.e. the assumption that integer factoring for arbitrary integers is hard). To be more concrete, the most popular factorization based FSS scheme relies on the assumption that factoring a special kind of Blum integers is intractable. All other FSS schemes related to integer factoring are based on even stronger assumptions or insecure. In this paper, we first cryptanalyze one of those schemes and show how to construct forged signatures that don't enable the signer to prove forgery. Then we repair the scheme at the expense of a reduced message space. Finally, we develop a new provable secure scheme based on the difficulty of factoring integers of the shape p^2 q for primes p, q.
A Threshold for NEMO Group Communications
Abstract—In this paper, a novel secure key sharing and distribution scheme for network mobility (NEMO) group communications is proposed. The scheme offers the capability of multiple key sharing and distribution for current and future application scenarios, and a threshold mechanism that effectively improves flexibility and robustness of the key sharing and distribution process. Both forward and backward secrecy are guaranteed by compulsive key refreshment and automatic key refreshment mechanisms, which provide dynamic in-progress group communication joining/leaving and periodic keys renewal, respectively. Security and performance analysis are presented to demonstrate that the proposed scheme meets the special security requirements for NEMO group communications and is competent for key sharing and distribution service.

Index Terms—Forward and backward secrecy, key distribution and management, network mobility (NEMO) group communications, threshold mechanism.